Ok, so with that in mind, an ambient of around 23 C, and the SG-3100 sitting between a Netgear switch above and a Speedtouch modem below (which does get quite warm in itself), 70 C or so should be expected...

My pfSense is reporting an idle temperature of around 70 C, this is with a load average of 0.16, 0.18, 0.17 and CPU of 10-15% (I guess this is being affected by my observation, as I have the web dashboard open, which is obviously using up some cycles too).

Is this a "normal" temperature? It seems a little high for me, but I'm not familiar with the hardware...

On a related note - can anybody tell me the SNMP OID to monitor temperature?

I've been setting up my new SG-3100, and I'm stuck trying to figure out how to properly set up VLANs and allocate port(s) to them.

Here's what I have so far:

WAN (mvneta2) - Directly connected to ADSL router 1

OPT1 (mvneta0) - Directly connected to ADSL router 2

LAN1 (mvneta1) - Connected to unmanaged switch

LAN2...4 (mvneta1) - Currently disconnected

Now I have a separate unmanaged switch that would be in my DMZ, and I'd like to assign LAN2 to a separate VLAN and configure an interface in the DMZ on that port (so I can configure WAN-to-DMZ and DMZ-to-LAN rules).

The onboard Marvell 6000 switch seems to not have any configurable options. I have created a VLAN on "mvneta1", but I'm not sure where to go next - I need traffic on the 4 LAN ports (or at least on 1 of them) to be separate from the rest.

EDIT: I should add that I have found the Switch options pages, but these are all read-only; specifically, the Interface/Switch/VLANs page shows 5 groups, all configured as "Default System VLAN", with all 5 ports assigned to all of them (I assume 5 ports as 1 is the internal uplink port of the switch).

I've just set up a new SG-3100, and am using SNMP sensors in PRTG to monitor various statistics, including bandwidth. The reported bandwidth in PRTG seems to be double the actual use - I'm seeing 20Mbps where it should be closer to 10Mbps (I wish it was 20!).

I'm using a Multi-WAN setup, with policy-based routing, so I'm not doing anything fancy with load balancing etc. Both WAN links (WAN/mvneta2 and OPT1/mvneta0) seem to be exhibiting the same behaviour.

Sorry for the naive follow-up, I haven't used pfSense in ages and have recently been looking to return; does this mean the 4 switched ports can be used as individual ports/networks (e.g. LAN, DMZ1, DMZ2) and traffic can be routed via firewall policies between them?

Also, is the SG-3100 capable of handling synchronous Gigabit traffic? I'm asking about basic NAT/PAT traffic, anything encrypted (IPsec) will be restricted to around 30-40Mbps as that's all the remote side would be capable of.

WAN1 is a public range, I have a /28 addressable subnet. One of the IPs is statically assigned to the pfSense, one is the modem/router itself (default gateway) and a couple of the remaining ones are assigned to devices sitting "outside" the firewall - these are the ones I tested DNS lookups from whenever I get timeouts from pfSense itself.

WAN2 is slightly different, I get an RFC1918 address, but have a 1:1 NAT set so I can configure port forwarding etc. on the pfSense directly. No other devices between that modem/router and the pfSense WAN port.

However, as I mentioned above, I disabled WAN2 altogether last time I saw the issue, and it was still happening after that, all the while DNS queries outside the pfSense were fine.

I'll try your suggestion of running a packet capture on pfSense next time this happens, and will report back...

Though you can see the DNS server is reachable via ping (and traceroute) from the same shell session...

From a server sitting just "outside" the pfSense (directly connected to the ADSL modem, and in the same public subnet as pfSense WAN1), everything is fine. So the problem is definitely with pfSense itself...

For now I have disabled WAN2 altogether, to eliminate that as an issue, but it hasn't changed anything...

I should have mentioned - when DNS resolution works via the pfSense forwarder, it also works if I use external nameservers directly from my LAN too. When it stops working via forwarder, it stops working everywhere...

Strange as usual, everything is working fine again... for the time being!

I'm running pfSense 2.1-RELEASE with a single LAN and two WANs. I have DNS forwarder enabled on the pfSense and DNS servers configured as follows (in System --> General):

ISP1 Primary DNS - Use WAN1 gateway

ISP2 Primary DNS - Use WAN2 gateway

8.8.8.8 (Google Primary) - no gateway

8.8.4.4 (Google Secondary) - no gateway

For some reason, DNS resolution in my LAN has stopped working... it was on and off for a while, but now it's completely "broken", and I'm not sure why.

I can reach all 4 DNS servers from both inside the LAN and also from the pfSense itself - i.e. they are responding to ICMP ping.

But any domain lookups, whether from my LAN (using pfSense as the DNS resolver) or from the pfSense itself no longer work. I tried disabling the DNS Forwarder as a DNS server for the firewall (again in System --> General) and this still didn't change anything.

Here's the even stranger thing: even if I set DNS servers on a PC on the LAN to Google public DNS, it still fails with a timeout, as if the pfSense is blocking it!

Ping to the above IP is fine from inside the LAN, as is access to DNS itself from WAN, as I have checked from a server that is running "outside" the pfSense and connected directly to the ADSL modem/router. This is the case for all 4 DNS servers on both WAN connections.

I of course tried the usual: stopping/starting the DNS forwarder, disabling it completely, restarting pfSense etc... also, I checked and I'm not blocking (as far as I can tell) DNS IPs/ports in the firewall rules. Nothing has changed there for quite some time...
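The symptom in this post is that the forwarders answer ICMP but lookups time out. The following probe, an added example that is not part of the thread, sends a bare UDP/53 query to each server with a short timeout and reports "answer", "refused" (ICMP port unreachable, host up but no resolver) or "timeout" (packets silently dropped somewhere on the path), which is the distinction ping alone cannot make. The ISP resolver addresses are placeholders to fill in; the query name is constructed.

```python
"""Minimal DNS reachability probe (added example, not from the original thread).
Distinguishes 'answer' / 'refused' / 'timeout' per server, so a resolver that
replies to ping but never to UDP/53 shows up as 'timeout'."""
import random
import socket
import struct

def build_query(name, qid):
    """Standard A-record query, recursion desired (RFC 1035 section 4.1)."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def parse_reply(data, qid):
    """Return (rcode, answer_count); reject replies that are not ours."""
    rid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if rid != qid or not flags & 0x8000:
        raise ValueError("not a response to our query")
    return flags & 0x000F, an

def probe(server, name="example.com.", timeout=2.0):
    """Classify one server: 'answer', 'error:rcode=N', 'refused' or 'timeout'."""
    qid = random.randrange(0x10000)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name, qid), (server, 53))
            rcode, an = parse_reply(s.recv(512), qid)
        except socket.timeout:
            return "timeout"          # nothing came back: dropped on the path
        except ConnectionRefusedError:
            return "refused"          # ICMP port unreachable: host up, no resolver
        except OSError as exc:
            return f"unreachable:{exc.errno}"
    return "answer" if rcode == 0 and an > 0 else f"error:rcode={rcode}"

if __name__ == "__main__":
    # The two Google forwarders from the post plus placeholders for the ISP ones.
    for srv in ["8.8.8.8", "8.8.4.4", "<ISP1_DNS>", "<ISP2_DNS>"]:
        print(f"{srv:16} {probe(srv)}")
```

Run it once from a LAN host and once from the pfSense shell; if the LAN run shows "timeout" for all four while the pfSense run answers, the drop is between the LAN and the firewall's forwarding path rather than at the resolvers.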

I'm not sure if the subject is accurate for what I'm trying to do, so I'll explain it...

My LAN is on 192.168.2.0/24. I have two WAN interfaces, connected to separate ISPs and pfSense is my default gateway for all devices on the 192.168.2.0/24 subnet.

There are some remote networks I need to reach via PPTP. Since pfSense cannot act as a PPTP client (or maybe I'm too dumb to figure out how to do it!), I have set up a Linux VM which is running the pptp client and does connection sharing and NAT via iptables. The VM is on 192.168.2.253, and one of the remote networks I'm connecting to via PPTP is on 10.20.30.0/24.

I have set a static route on all PCs to send traffic to 10.20.30.0/24 via the 192.168.2.253 gateway, and this is working just fine...

Now, I want to avoid having to configure the route on all LAN devices (there are 3 VPNs currently, so 3 routes per device), so I was wondering if I could do this using the pfSense instead.

So far on pfSense I've been able to:

* Create a gateway on the LAN interface, with IP 192.168.2.253
* Add a static route for 10.20.30.0/24 with the above gateway

I can ping devices on 10.20.30.0/24 from the pfSense diagnostics page only... doing so from any other device on the LAN doesn't work. I suspect I need to force the pfSense to NAT the traffic to its inside IP address (192.168.2.254) before routing it via the pptp gateway (192.168.2.253).

The only thing I could think of was to try adding a firewall rule on the LAN interface to do this (i.e. any traffic to 10.20.30.0/24 should use gateway 192.168.2.253), but that didn't work.

Any thoughts?

Once I can get one of the remote networks to connect, I'll just copy the configuration for the other two...